Information System Security Officer (ISSO) - Full-time

Description

The qualified candidate will serve as an Information Assurance professional within an established Information Security team. Under the direction of the Information System Security Manager (ISSM) the position specific responsibilities will include:

Primary Responsibilities

• This role may include a combination of duties to protect information and maintain security controls for an entire system, site, or program to reduce risk.
• Develop and update assessment and authorization documentation of information systems.
• Validate security policies and procedures outlined in the System Security Plan.
• Develop process for the management, review, and retention of security audit data.  Report audit discrepancies to the ISSM.
• Perform security audits IAW established procedures. 
• Establish system specific recovery processes to ensure security features and procedures are properly protected and restored.
• Conduct vulnerability management (scanning, assessment, reporting, and mitigation verification), security reviews and tests of systems to verify security features and controls are functional and effective. Take corrective action to resolve identified vulnerabilities.
• Perform periodic maintenance on systems to include installation of operating system patches and updating virus definitions.
• Install hardware and software as required.
• User account management.
• Work in eMASS to ensure all ATO packages are current. To include, POA&M management, Continuous Monitoring, etc.
• Apply STIGs to different Operating Systems and applications.

Basic Qualifications

• Ability to obtain a Top-Secret clearance is required for consideration.
• Bachelor’s degree in Information Security, Information Systems, Cybersecurity, Information Technology/Network Administration with 3 -5 years’ experience.
• 5 – 8 years of direct experience may be substituted in lieu of degree.
• A working knowledge of Linux-based Information Systems with basic experience with Windows operating systems.
• Ability to work independently, prioritize, schedule, and complete multiple tasks.
• Experience with the Risk Management Framework (RMF) process.
• Experience with eMASS, Continuous Monitoring, POA&Ms, NIST SP 800-53 Security Controls, answering test results and applying STIGs to Operating Systems and applications.
• Vulnerability Scanning/Management using Nessus/ACAS or like software.
• Possess a current DoD 8570.01 compliant certification for IAM Level II, e.g. Security + w/CE, or the ability to obtain either within 6 months of employment.

Preferred Qualifications

• Experience conducting security audits of information systems.
• Extensive training or experience with Windows-based Information Systems with a working knowledge of LINUX operating systems. Must be able to audit Red Hat systems.
• Experience with Networking equipment. Firewalls, switches, etc
• Experience with VMware. vCenter Servers, VMs, etc.
• Vulnerability assessment and analysis experience utilizing SCAP, ACAS/NESSUS and DISA STIGs
• Experience with DoD implementation of the Risk Management Framework (RMF) and governing directives (NIST, CNSS, DSS, etc.)
• Possess a current DoD 8570.01 compliant certification for IAM Level II/IAM Level III. (Sec +, CySA, CISM. CISSP)

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.